Abstract:
Computer scientists have historically adopted quite different views on data (and thus on data management and data analysis) than statisticians, natural scientists, social scientists, and nearly everyone else who uses computation as a tool toward some downstream goal. For example, the former tend to view the data as noiseless bits and focus on algorithms with bounds on worst-case running time, independent of the input; while the latter typically have, either explicitly or implicitly, an underlying statistical model in mind and are interested in using computation and data to gain insight into the world. These issues are relevant now that “large-scale data analysis” has gone from being a technical topic of interest to a subset of computer scientists, to a cultural phenomenon that has a direct effect on nearly everyone. In this talk, I'll share some of my thoughts on these topics, I'll describe two applications (one in social network analysis and one in human genetics) where challenges related to these issues arose and describe how we dealt with them, and I'll offer some thoughts on how this so-called “Big Data” area might evolve.

Abstract:
Repressive nation-states have long monitored telecommunications to keep tabs on political dissent. However, increasing use of encryption on the web, the global nature of modern opposition movements, and productization of hacking tools are causing these governments to attempt infiltrations of targets' computers and mobile phones to steal information. This talk will explore the different types of actors conducting such hacking in the Middle East and the Horn of Africa – the governments themselves, cyber mercenary groups, and cyber militias – and look at the technology they use, ranging from expensive government-only “lawful intercept” kits, to tools from the cybercrime underground. The talk will tie this hacking to real-world consequences suffered by victims, including arrests, interrogations, and imprisonment.

Abstract:
The Heartbleed vulnerability took the Internet by surprise in April 2014. The vulnerability, one of the most consequential since the advent of the commercial Internet, allowed attackers to read protected memory from remote servers, potentially including user passwords and cryptographic master keys. I'll discuss a comprehensive, measurement-based analysis of the vulnerability's impact, including tracking the vulnerable population, assessing how sites responded, observing the stress placed on the HTTPS certificate ecosystem and the activity of attackers, and our experiences with attempting to notify more than 4,000 Internet sites regarding their ongoing vulnerability.

Abstract:
Prior usable security and privacy research has reduced risks by showing how to design privacy and security systems to fit the "average user." Of course, no person perfectly fits this profile, and therefore current solutions are only likely to yield local maxima. We are in the process of studying how individual differences (e.g., personality traits) impact risk perceptions and preferences, and by doing this, we hope to design future systems that are optimized for individuals. For instance, inferences about an individual, learned through observations over time, may allow a system to automatically set more appropriate default privacy settings or redesign security mitigations so as to appear more salient to that individual.